Multicast

From Network Security Wiki

Ranges

224.0.0.0/4 - 224.0.0.0 - 239.255.255.255
Link-local addresses - 224.0.0.0/24
Source-specific multicast - 232.0.0.0/24
Administratively scoped - 239.0.0.0/8


  • The multicast control plane works differently from unicast routing: it needs to know who the sender of the multicast is and to which group it sends, as well as who the receivers are.
  • Multicast data plane - does the RPF check (was the traffic received on the correct interface?) and builds the multicast routing table.
  • Multicast is source-based routing.

IGMP

  • Hosts on the LAN signal the router to join a multicast group.
  • Two kinds of request:
(*,G) - any source that is generating the multicast stream for that group - supported by IGMP v1 and v2
(S,G) - join a particular source sending to the multicast group - IGMP version 3 supports both (S,G) and (*,G)
  • IGMP is enabled when IP PIM [dense mode, sparse mode, sparse-dense mode] is enabled.
  • By default, IGMP version 2 is enabled.
  • ip igmp join-group <group address> can be used for testing on routers to see whether multicast traffic for a particular group is received on the router.
  • Command used to manually put in the request for a particular multicast group instead of relying on the IGMP query message for that group:
ip igmp static-group

PIM

  • Used to signal routers to build the multicast tree; the tree can be sender to receiver, or sender to rendezvous point (RP) to receiver.
  • PIM version 1 or 2; the default is PIM version 2. RP information is already encoded in the PIM packet in version 2, and PIM version 2 has a field for BSR.

DENSE mode

  • Implicit join: multicast traffic is sent across the entire network unless a router reports that it does not want a particular stream. Flood-and-prune behavior.
  • Neighbor discovery uses multicast address 224.0.0.13, the same as for sparse mode.
  • Note: if we have a (*,G) entry then we know about the receiver, and if we have an (S,G) entry then we know about the sender as well.
  • Two ways to generate multicast traffic: by pinging the multicast address or through IP SLA.
  • In PIM dense mode, the RPF neighbor information is used to send a unicast packet back toward the source; the message can be a PIM prune or graft message.
  • When the multicast source floods traffic for particular multicast groups, each multicast-enabled router installs (S,G) and (*,G) entries even if it is not interested.
  • So in dense mode every router needs to install (*,G) and (S,G) entries, as we cannot have (S,G) until we have (*,G). If the source is active, every router needs to maintain the multicast state table.
  • A graft message for an (S,G) entry unprunes multicast traffic that was earlier set to prune.
  • State refresh keeps the link pruned, in its original state.

Sparse mode

  • Uses explicit join: multicast traffic is not delivered unless someone asks to join it. Uses the RP as the reference point.
  • If we are using source-specific multicast we don't need an RP. For group-specific joins we need an RP.
  • Traffic is not sent anywhere unless it is requested.
  • Sparse mode uses both source-based trees and shortest path trees.
  • The RP needs to know the receivers and senders.
  • The DR on the source's LAN segment sends an (S,G) register message to the RP, and the RP in turn replies with a register-stop. Receivers on a LAN segment send an IGMP join, which is converted to a PIM join (*,G) message to the RP to form the RPT tree.
  • So the PIM join traverses from the receiver to the RP, and every device on that path has a (*,G) entry; from the source to the RP every device has an (S,G) entry.
  • Once the RP knows about the sender and the receiver, it sends an (S,G) join request back to the source, and the source starts sending the multicast traffic to the RP and then on to the receiver.
  • It is then up to the last-hop router on the receiver side to optimize: it decides whether to join the source directly using the SPT, bypassing the RP.
  • Note - When we debug, only process-switched traffic is shown; to debug data-plane traffic we need to disable CEF (no ip route-cache). If we change the unicast routing, the multicast routing changes too. To change the unicast routing we can also use the ip mroute command.
  • Source-based tree - the tree is built along the shortest path from receiver to sender.
  • Shared tree - the tree runs from sender to RP and then from RP to receiver.
  • To check the RP configured on each transit router:
sh ip pim rp mapping
  • The RP can be assigned statically (ip pim rp-address) or dynamically (Auto-RP and BSR).
  • Auto-RP uses two data-plane multicast addresses. 224.0.1.39 is where routers willing to become RP advertise themselves to the mapping agents.
  • 224.0.1.40 is where the mapping agent, having chosen the RP, advertises the RP information to the rest of the routers.
  • To stay on the shared tree rather than the SPT:
ip pim spt-threshold infinity

Sparse-dense-mode

  • Any group for which an RP is assigned uses sparse mode; all other groups use dense mode.
  • The RPF check provides a loop-free path in the multicast data plane. When a multicast packet arrives on an interface, the router looks up the source in the unicast routing table; if the route back to the source points out the incoming interface, the RPF check passes, otherwise it fails.
  • Once the multicast routing table is populated, the router always prefers (S,G) over (*,G). Each multicast routing entry has an incoming interface and an OIL (outgoing interface list); if the RPF check passes, the multicast traffic is sent out all interfaces in the OIL.
  • On a multicast router, the command below shows which multicast groups are active on the Ethernet segment and which receivers have joined each group:
sh ip igmp group
  • To determine which router is the IGMP querier:
sh ip igmp interface e0
  • We can manually tune the query interval and the query max response time:
ip igmp query-interval 120            (default 60 sec)          -> query interval
ip igmp query-max-response-time 20    (default 10 sec)          -> response time
  • IOS command to specify which version of IGMP is enabled:
ip igmp version 1/2
  • Test commands for IGMP:
ip igmp join-group
ip igmp static-group
  • For sparse mode we need to assign an RP:
ip pim rp-address x.x.x.x
  • To check whether there are any RP mappings:
sh ip pim rp mapping
  • To check the multicast packet counters:
sh ip mroute count
  • In sparse mode there is a switchover to the SPT (shortest path tree).
  • The SPT threshold can be set in global config mode on the DR multicast router that receives the IGMP join request:
ip pim spt-threshold <value>              --> Value is volume of multicast feed
  • If the RPF check is failing, we can still make an interface forward multicast with a static mroute:
ip mroute <source> <mask> <next-hop address>
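
The RPF check, the (S,G)-over-(*,G) preference, OIL forwarding and the static mroute override described above can be seen together in a small model. This is an added example, not taken from the wiki or from any router's code; the class, method and interface names and the sample routes are constructed, and consulting static mroutes before the unicast table is a simplifying assumption.

```python
import ipaddress

class MulticastRouter:
    """Toy data-plane model; class, method and interface names are hypothetical."""

    def __init__(self):
        self.unicast = []   # (network, interface) entries of the unicast table
        self.static = []    # static mroutes: consulted before the unicast table
        self.mroutes = {}   # (source or "*", group) -> outgoing interface list

    def add_route(self, prefix, iface, static=False):
        table = self.static if static else self.unicast
        table.append((ipaddress.ip_network(prefix), iface))

    def rpf_interface(self, source):
        """Interface this router would use to reach `source` (longest match)."""
        src = ipaddress.ip_address(source)
        for table in (self.static, self.unicast):
            hits = [(net.prefixlen, ifc) for net, ifc in table if src in net]
            if hits:
                return max(hits)[1]
        return None         # no route back to the source: RPF can never pass

    def forward(self, source, group, in_iface):
        """Return the interfaces the packet is replicated to ([] = dropped)."""
        if self.rpf_interface(source) != in_iface:
            return []                                  # RPF check failed
        oil = self.mroutes.get((source, group))        # (S,G) is preferred
        if oil is None:
            oil = self.mroutes.get(("*", group), [])   # otherwise use (*,G)
        return [i for i in oil if i != in_iface]       # never back out the RPF side

def demo():
    """Constructed sample: two unicast routes and two mroute entries."""
    r = MulticastRouter()
    r.add_route("10.1.0.0/16", "Gi0/0")
    r.add_route("10.1.1.0/24", "Gi0/1")
    r.mroutes[("*", "239.1.1.1")] = ["Gi0/2", "Gi0/3"]
    r.mroutes[("10.1.1.5", "239.1.1.1")] = ["Gi0/3"]
    results = {
        "sg_on_rpf_iface": r.forward("10.1.1.5", "239.1.1.1", "Gi0/1"),
        "wrong_iface": r.forward("10.1.1.5", "239.1.1.1", "Gi0/0"),
        "star_g_only": r.forward("10.1.2.9", "239.1.1.1", "Gi0/0"),
    }
    r.add_route("10.1.1.0/24", "Gi0/0", static=True)   # static mroute override
    results["after_static_mroute"] = r.forward("10.1.1.5", "239.1.1.1", "Gi0/0")
    return results

if __name__ == "__main__":
    print(demo())
```

The same packet that is dropped on Gi0/0 while the unicast table points to Gi0/1 is forwarded once the static mroute moves the RPF interface to Gi0/0.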